Simple Microsoft Network Patches For ATMs Not Being Performed by Banks and Credit Unions BATON ROUGE, La., July 2
BATON ROUGE, La., July 2 /PRNewswire/ -- TraceSecurity, a leading provider
of SaaS security compliance and risk management solutions, disclosed today
that the case of Citibank customers whose funds were hacked via the connection
between ATMs and third parties processing their PIN codes, are just the tip of
the iceberg when it comes to the overall security and compliance of the
networks that process ATM transactions. Over the past five years,
TraceSecurity personnel have uncovered thousands of un-patched ATM processing
servers while performing routine security compliance inspections.
TraceSecurity is responsible for performing annual audits and inspections for
firms in the financial services space to ensure they are complying with
industry and government regulations that help protect consumers' sensitive
data as well as the funds in their accounts.
"Most people's home personal computers are better protected from malicious
hackers than many ATM servers," remarked Jim Stickley, CTO and Vice President
of Strategy and Solutions at TraceSecurity. "Financial institutions are
failing to perform patch updates to ATM servers often because third party
vendors aren't approving the patches to be applied to systems running their
ATM software. As a result, hackers could easily exploit known security holes
in operating systems such as Microsoft, which are used by many ATM solutions
available today."
In addition, TraceSecurity has found that many financial institutions are
not placing their ATM servers into secured private segments on the network.
This means that anyone with basic access to the network can eavesdrop on the
data and transactions being processed by the ATMs and hack away at un-patched
services. Officials at TraceSecurity recommend that ATMs should always be
segmented onto their own network segments with tight access controls in place.
Stickley added, "Financial institutions need to do a much better job at
setting up their network infrastructure. Unfortunately many organizations make
the assumption that as long as the servers are behind a firewall they are
safe. That is simply not the case."
To learn of other ATM scams that TraceSecurity unveiled to consumers in
order to better educate them of the dangers of using an ATM, please click on
the following URL:
http://www.tracesecurity.com/news-events/news/2007-fake-ATM-scams.php .
About TraceSecurity
TraceSecurity is a leading provider of security compliance and risk
management solutions. The company helps organizations of all sizes to
achieve, maintain and demonstrate security compliance while significantly
improving their security posture. Key to TraceSecurity's success is the
company's comprehensive patent-pending methodology that helps clients address
all of the critical components of a successful security compliance program;
people, process and technology.
TraceSecurity delivers its solutions through an integrated software-as-a-
service platform backed by expert professional services and comprehensive
security awareness programs. The company's flagship offering, TraceCompliance
Manager, is the first comprehensive solution to automate regulatory compliance
audits, board level reporting, policy management, vulnerability assessment,
and employee education and testing. The company's expert professional
services include onsite security audits, and social engineering. The security
awareness programs include an exhaustive set of standard offerings as well as
custom designed courses. With over 800 clients, TraceSecurity supports the
risk management and security compliance efforts of organizations in financial
services, healthcare, insurance, government and other regulated sectors. For
more information, please visit www.tracesecurity.com.
SOURCE TraceSecurity
